Read the New NIST Guide on Privileged Account Management

IdRamp

IdRamp, in collaboration with the National Cybersecurity Center of Excellence (NCCoE), has just released the National Institute of Standards and Technology (NIST) practice guide for Privileged Account Management. This practice guide will help businesses reduce the ability of external and internal malicious actors to exploit privileged accounts that control critical infrastructure, information, and assets.

“The draft practice guide can be of real value to everyone from community banks to medium and large financial institutions by offering a way to effectively secure, manage, control, and audit activities of these powerful internal accounts that are essential to their business,” said Karen Waltermire, NIST senior cybersecurity engineer.

This practice guide will show how commercially available technologies like the IdRamp decentralized identity fabric can be used to secure and enforce organizational policies for privileged account use. The example implementation highlights how organizations can add a security layer between users and the privileged accounts they access and includes representative use-case scenarios to address specific challenges facing the financial services sector. The guide also maps capabilities to the FFIEC CAT, with NIST guidance and control families, including the NIST Cybersecurity Framework. The NCCoE guide addresses a critical cybersecurity and economic need. Please download the practice guide here.

About Privileged Account Management

Privileged accounts are used to access and manage an organization’s most important information assets and systems. Often described as the “keys to the kingdom,” these accounts are used by trusted people who perform tasks that ordinary users are not authorized to perform. The tools and processes used to protect these privileged accounts are collectively known as Privileged Account Management.

About IdRamp

IdRamp is a decentralized identity integration service that provides secure interoperability across diverse platforms and applications. With IdRamp, businesses can combine cross-ledger (Blockchain, Hyperledger, Corda) services with conventional security technology. IdRamp can orchestrate authorization workflows, combine web service APIs, and regulate infinite multi-factors with adaptive security policies. For more information, visit http://idramp.com.

*While the example implementation uses certain products, NIST and the NCCoE do not endorse these products. The guide presents the characteristics and capabilities of those products, which an organization’s security experts can use to identify similar standards-based products that will fit within their organization’s existing tools and infrastructure.

Media Contact: 
Eric Vinton
Phone: +1 515 442 3158
Email: evinton@idramp.com

Source: IdRamp